News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Marriott data breach is enormous

    Posted on December 3rd, 2018 at 07:50 woody Comment on the AskWoody Lounge

    Catalin Cimpanu, now on ZDNet, has the news that

    Hours after announcing a data breach on Friday, two Oregon men sued international hotel chain Marriott for exposing their data. Their lawsuit was followed hours later by another one filed in the state of Maryland.

    Both lawsuits are seeking class-action status. While plaintiffs in the Maryland lawsuit didn’t specify the amount of damages they were seeking from Marriott, the plaintiffs in the Oregon lawsuit want $12.5 billion in costs and losses.

    That’s a paltry $25 for each record that’s been purloined. 500 million hotel guests, starting in 2014. “name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.”

    Quite a haul.

    Check your credit cards, folks. And push for a US-based GDPR.

    UPDATE: If you haven’t seen Brian Krebs’s take on the big breach, look here and here.

    I got quite a chuckle when I checked my old messages and came across this one from May:

    Marriott Rewards

    As we continue to integrate Starwood Hotels with Marriott®, we wanted to let you know that we have updated our Global Privacy policy.

    What’s Changed?

    Our updated Global Privacy Statement now reflects the combination of Marriott International, Inc. and StarwoodHotels & Resorts Worldwide, LLC (formerly known as Starwood Hotels & Resorts Worldwide, Inc.) and their affiliates.
    Our updated Global Privacy Statement makes it easier to understand the types of data we collect, how we collect data, with whom we share and how we use it (e.g., to offer personalized stay and travel experiences based on your personal preferences).
    Our new Privacy Center provides helpful information about how you can express your preferences, from what and how much you share with us, to when and how you hear from us.
    We’re making these updates as new data protection regulations come into effect in the European Union, and we are confident they will make it easier to understand the choices available to you.
    If that helped, take a second to support AskWoody on Patreon

    Home Forums Marriott data breach is enormous

    Tagged: , ,

    This topic contains 7 replies, has 7 voices, and was last updated by

     geekdom 3 months, 2 weeks ago.

    • Author
      Posts
    • #237892 Reply

      woody
      Da Boss

      Catalin Cimpanu, now on ZDNet, has the news that Hours after announcing a data breach on Friday, two Oregon men sued international hotel chain Marriot
      [See the full post at: Marriott data breach is enormous]

      4 users thanked author for this post.
    • #237939 Reply

      JohnW
      AskWoody Plus

      I like these comments that Krebs made in the 2nd link:

      Likewise for individuals, it pays to accept two unfortunate and harsh realities:

      Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless aren’t, including your credit card information, Social Security number, mother’s maiden name, date of birth, address, previous addresses, phone number, and yes — even your credit file.

      Reality #2: Any data point you share with a company will in all likelihood eventually be hacked, lost, leaked, stolen or sold — usually through no fault of your own. And if you’re an American, it means (at least for the time being) your recourse to do anything about that when it does happen is limited or nil.

      2 users thanked author for this post.
    • #237946 Reply

      OscarCP
      AskWoody Plus

      According to this list in Cimpanu’s blog, pretty much everyone that has stayed in any of the hotels listed here at any time in the last five years has had some personal information stolen:

      Guests who stayed at Marriott’s Starwood-branded hotels in the past four years were affected. Starwood brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.

      There has been a lot of this going on affecting companies that keep large data bases with their customers’ information. And then there is “the Cloud”.

      1 user thanked author for this post.
    • #237970 Reply

      Rawr
      AskWoody Lounger

      Privacy is a thing of the past these days. You think you’re protecting your privacy or are private but once you’re online or deal with a corporation, it’s long gone and most likely sold to the highest bidder to cater to your ‘personalized ads’. This is why these types of companies make millions and billions.

      1 user thanked author for this post.
      • #238000 Reply

        OscarCP
        AskWoody Plus

        Rawr wrote: ” Privacy is a thing of the past these days.

        That might be true to some extent, although not inevitably so in things that really matter to those who are very careful and jealous about their privacy (see jescott418’s entry below). Legitimate corporations might ask and keep, but would not sell, your credit card or bank account numbers. Criminals, on the other hand, may steal those numbers from those businesses and then sell, or even use them. A corporation that is led by people capable of committing such crimes might exist and might sell your information, if those at the top decided to do so. But it could be jail time and big fines for those bosses if that is ever found. So I doubt they would get into something as risky, and crude, as selling their customers’ numbers.

        • This reply was modified 3 months, 2 weeks ago by
           OscarCP.
    • #237981 Reply

      John
      AskWoody Lounger

      I’ve made a few changes with doing business online. One is I do not store credit cards with any online merchant. Yes, it takes a bit more time to enter in all that stuff but I simply do not trust any companies online security no matter what PR they put out to convince me otherwise. Second I don’t create user accounts for sites I rarely use for purchases. I sign in as a guest account where I hope the company stores very little about me. The GDPR is a interesting step in privacy, but how much teeth it has in penalties and legal actions is yet to be discovered.

      2 users thanked author for this post.
    • #238010 Reply

      anonymous

      Never use old school credit cards for online payments anymore, there are – especially in Europe – much better and secure alternatives. Have one card left in case of emergency, but it’ll probably also go the way of the dodo in the near future.

    • #238088 Reply

      geekdom
      AskWoody Plus

      Quora, too, suffers from data breach; it’s epidemic. More information here:
      https://www.npr.org/2018/12/04/673144745/100-million-quora-users-affected-by-malicious-data-breach

      Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Marriott data breach is enormous

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: